Security Onion

What is Security Onion:
- Security Onion is a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring).
- Developed by Doug Burks.
- Designed to make deploying complex open source tools simple, via a single package (Snort, Suricata, Sguil, Snorby, etc.).
- Allows the choice of IDS engine, analyst console and web interfaces.
- Free (open source)!

What's in the Onion:
- Over 60 custom tools
- Snort - Signature-based IDS
- Sguil - Security analyst console
- Squert - View HIDS/NIDS alerts and HTTP logs
- Snorby - View and annotate IDS alerts
- ELSA - Search logs (IDS, Bro and syslog)
- Bro - Powerful network analysis framework with highly detailed logs
- OSSEC - Monitors local logs, file integrity and rootkits

"Network security monitoring is the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."

Installation of Security Onion:
Installation of Security Onion is simple, but it takes time because it installs a large bundle of tools.
You can find the installation procedure in the below link.
This is the final GUI after a successful installation.

Why Security Onion:
- A complete network monitoring Linux distro gives network analysts a better lookout over the network.
- Since it is free, it is feasible for small organizations to use for their network analysis.
- Easy to install and use.

Where do we go now:
You can find videos for more on Security Onion.
